Vulnerability
Vulnerability in FIDO2 Protocol
Researchers at the National Science Foundation (NSF) identified flaws in Fast IDentity Online (FIDO) authentication. FIDO is an open industry association to develop and promote authentication standards that “help reduce the world’s over-reliance on passwords”. The first flaw allows attacker to conduct man-in-the-middle attacks and gain access to security keys or allows the attacker to impersonate aclient to the authenticator. Other flaw related to the ‘pintoken’. FIDO2 generates pintoken at startup and is used for further subsequent communications. If any of the sessions are compromised total security is lost
Source: https://www.itnews.com.au/news/researchers-identify-fido2-protocol-vulnerabilities-580588